Secure & Index Surveillance Data

Data you cannot find is data you cannot control or keep secure.

...a wealth of information creates a poverty of attention...

Herbert A. Simon, Computer Scientist, Carnegie Mellon University

Description:

In order to protect the security of surveillance data, you must be able to find it and track it. Any policy that regulates the use of a surveillance system should require that the data collected be both indexed and secured. Indexing the data not only helps to assure that you can account for its whereabouts, it also makes the information easier to use, maintain, and delete according to its retention policy. Details about how the data is organized should be written into the policy to facilitate permitted uses and to dissuade the use of data in new, unauthorized ways.

Surveillance data should be secured throughout its life cycle: during collection, storage, processing, and use. At no time should data be allowed to pass through or reside on insecure systems. To assure that any approved system is secure, it is important to work with independent experts who can help to design and implement processes and protocols that will adequately protect data.

Examples of Use

Location::

Memphis, TN

The Memphis Police Department reported that in April of 2013, unknown intruders gained access to a database system used to search for people, residences, and vehicles in the city. The database contained contact information and other sensitive data, such as Social Security Numbers. The Department does not know how many individuals may have been affected by the breach and has hired a credit monitoring company to provide free services to impacted individuals.

Location::

Manchester, UK

Police force pays penalty for data breach

In 2012, the Greater Manchester Police Department paid a £120,000 fine for a data breach involving the theft of personal information of more than 1,000 people with links to serious crime investigations. The information was on a USB memory stick that had been transported to an officer’s home without password protection. The US Information Commissioner’s Office investigated the incident and found that the police force did not have restrictions on downloading information and had not sufficiently trained staff members to protect sensitive data.

Content on this site is licensed under a Creative Commons Attribution-Share Alike 4.0 license.